1 Oct 17, 2012 16:22
I'm trying to figure out which IP addresses I need to block because of spam. I did a WhoIs search for one of the IPs that showed in my "Stats" and I'm not quite sure what to do.
The WhoIs query came back with the following:
[Redirected to whois.apnic.net]
% [whois.apnic.net node-1]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html
inetnum: 18.104.22.168 - 22.214.171.124
descr: CHINANET FUJIAN PROVINCE NETWORK
descr: China Telecom
descr: No.31,jingrong street
descr: Beijing 100032
remarks: service provider
The IP in question is - 126.96.36.199. Now, would I want to block just 188.8.131.52? Or the entire range of 184.108.40.206 - 220.127.116.11?
I've been going through and just blocking single IPs of ones that look suspicious. But, if blocking the whole range would be the best way I'll start doing that.
Any info/reply on this would be greatly appreciated. Thanks in advance.
3 Mar 25, 2013 06:31
How far away are we from where it would be okay to run v5 on my main blog (which has two other domains pointed at it.).
My site seem to have gotten unreliable recently...thought the mysql backend wasn't keeping up like I needed it to....but then I noticed that I've been climbing rather quickly to 80,000+ hits per day.
So, I looked at stats....and its all direct browser hits...large clusters of an IP fetching 100+ pages in less than a minute, and then another IP doing the same thing, and so on....and different ones doing different sets of pages, but there's only a few sets among the IPs.
And, 99% of the IPs are from China.
At first I was blocking individual IPs....after a while, I started looking up and blocking the whole ISP....then I thought I could may do an sql query of my hitlog and generate a list of IPs to block...(did a distinct and count type query)...but then how do I figure out which ones are bad. And, which ones are....ok?
#5 on the list is an IP that belongs to google....has google become evil yet?
Ended up going back to figuring out the ip ranges to block....almost feels like I'm blocking all of China now....after a day, direct browser hits had dropped to ~3k, but it has started up again again as I didn't get all the China ISPs....though now I'm starting see some HK and JP ISPs too....